OldGremlin Analysis

IOB - Indicator of Behavior (221)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 198
zh: 16
fr: 4
it: 2
ru: 2

Country

us: 94
cn: 66
at: 10
ru: 6
ce: 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 8
Joomla CMS: 6
IBM Cognos Analytics: 4
cPanel: 4
Linksys WRT54GL: 4

Vulnerabilities

| # | Vulnerability | Base score | Temporal score | 0-day price | Today price | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.04 | CVE-2013-5033 |
| 2 | Arduino LED injection | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00109 | 0.00 | CVE-2019-13991 |
| 3 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.03 | CVE-2021-3056 |
| 4 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.27 | CVE-2014-4078 |
| 5 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.08 | CVE-2022-21664 |
| 6 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.00 | CVE-2019-13275 |
| 7 | Mikrotik RouterOS SNMP out-of-bounds | 8.0 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00307 | 0.08 | CVE-2022-45315 |
| 8 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.04 | CVE-2024-1406 |
| 9 | RoundCube Webmail Email Message rcube_string_replacer.php linkref_addindex cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | High | Official Fix | 0.00612 | 0.00 | CVE-2020-35730 |
| 10 | Teclib GLPI unlock_tasks.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.12149 | 0.04 | CVE-2019-10232 |
| 11 | Sophos Firewall User Portal/Webadmin improper authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.97434 | 0.00 | CVE-2022-1040 |
| 12 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.96 | CVE-2020-12440 |
| 13 | CutePHP CuteNews unrestricted upload | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02107 | 0.08 | CVE-2019-11447 |
| 14 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00432 | 0.04 | CVE-2022-21663 |
| 15 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.3 | $25k-$100k | $0-$5k | High | Official Fix | 0.07084 | 0.05 | CVE-2022-26923 |
| 16 | QNAP QTS Media Library access control | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.01575 | 0.03 | CVE-2017-13067 |
| 17 | Peplink Balance Cookie admin.cgi sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01457 | 0.02 | CVE-2017-8835 |
| 18 | Cisco Internet of Things Field Network Director Web-based User Interface xml external entity reference | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00150 | 0.03 | CVE-2019-1698 |
| 19 | Mycroft AI WebSocket Server access control | 7.7 | 7.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00240 | 0.00 | CVE-2018-1000621 |
| 20 | Simple and Beautiful Shopping Cart System uploadera.php unrestricted upload | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00170 | 0.04 | CVE-2023-1558 |

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (101)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /api/RecordingList/DownloadRecord?file= | predictive | High |
| 2 | File | /apply.cgi | predictive | Medium |
| 3 | File | /php/ping.php | predictive | High |
| 4 | File | /rapi/read_url | predictive | High |
| 5 | File | /scripts/unlock_tasks.php | predictive | High |
| 6 | File | /SysInfo1.htm | predictive | High |
| 7 | File | /sysinfo_json.cgi | predictive | High |
| 8 | File | /system/user/modules/mod_users/controller.php | predictive | High |
| 9 | File | /uncpath/ | predictive | Medium |
| 10 | File | /wp-admin/admin-post.php?es_skip=1&option_name | predictive | High |
| 11 | File | AppCompatCache.exe | predictive | High |
| 12 | File | xxxxxxx/xxxx.xxx | predictive | High |
| 13 | File | xxxxxxxx.xxx | predictive | Medium |
| 14 | File | xxx-xxx/xxxxxxx.xx | predictive | High |
| 15 | File | xxx-xxx/xxxxx/xxxxx.xxx | predictive | High |
| 16 | File | xxxxxx/xxx.x | predictive | Medium |
| 17 | File | xxxxxxxx_xxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 18 | File | xxxxxxxxx.xxx.xxx | predictive | High |
| 19 | File | xxxxx/xxxxx.xxx | predictive | High |
| 20 | File | xxxx_xxxxx.xxx | predictive | High |
| 21 | File | xxxxx.xxx | predictive | Medium |
| 22 | File | xxxxxx.xxx | predictive | Medium |
| 23 | File | xxxxxxx/xxxx-xxxxx-xxxxxx.xxx | predictive | High |
| 24 | File | xxxxxxx/xxxx-xxxxx-xxxxxx.xxx?xxxxxx=x | predictive | High |
| 25 | File | xx/xx-xx.x | predictive | Medium |
| 26 | File | xxx/xxxx_xxxx.x | predictive | High |
| 27 | File | xxxxxx/xxxxxxxxxxx | predictive | High |
| 28 | File | xxxx_xxxxxx.x | predictive | High |
| 29 | File | xxxx/xxxxxxx.x | predictive | High |
| 30 | File | xxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxx | predictive | High |
| 31 | File | xxxxxxxx/xxxxxxxx/xxxxx-xxxxxxxx-xxxxx.xxx | predictive | High |
| 32 | File | xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx | predictive | High |
| 33 | File | xxxxxxxxxx.xxx | predictive | High |
| 34 | File | xxxxxxx_xxxxxxx/xxxx.xxx | predictive | High |
| 35 | File | xxxxx.xxx | predictive | Medium |
| 36 | File | xxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 37 | File | xxx/xxx.xxx | predictive | Medium |
| 38 | File | xxxxxx.x | predictive | Medium |
| 39 | File | xxxx.xxx | predictive | Medium |
| 40 | File | xxxxx.xxx | predictive | Medium |
| 41 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High |
| 42 | File | xxxxx_xxxxxx_xxxxxxxx.xxx | predictive | High |
| 43 | File | xxxxxxxx.xxx | predictive | Medium |
| 44 | File | xxxxxxx/xxxxxxxxxx | predictive | High |
| 45 | File | xxxxxxx-xxxxxxxxxx/xxx/xxxxx.xxx | predictive | High |
| 46 | File | xxxx.xxx | predictive | Medium |
| 47 | File | xxxxx/xxxxx.xxx | predictive | High |
| 48 | File | xxxxxxxx.xxx | predictive | Medium |
| 49 | File | xxxxxxxxx.xxx | predictive | High |
| 50 | File | xxxxxxxxx.xxx | predictive | High |
| 51 | File | xxxx.xxx | predictive | Medium |
| 52 | File | xxxxxxxxxx | predictive | Medium |
| 53 | File | xxxxxxx/xxxxx.xxx | predictive | High |
| 54 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | High |
| 55 | Argument | xxxxxx | predictive | Low |
| 56 | Argument | xxxxxxx_xxxx | predictive | Medium |
| 57 | Argument | xxxxxx_xxxx | predictive | Medium |
| 58 | Argument | xxxxx | predictive | Low |
| 59 | Argument | xxx | predictive | Low |
| 60 | Argument | xxxxxxxx | predictive | Medium |
| 61 | Argument | xxxxxx | predictive | Low |
| 62 | Argument | xxxxxxxxxxxxxxxxx | predictive | High |
| 63 | Argument | xxxxx | predictive | Low |
| 64 | Argument | xxxxxxxxxxx/xxxxxxxx/xxx/xxxxx | predictive | High |
| 65 | Argument | xxxxxx_xx | predictive | Medium |
| 66 | Argument | xxxxx | predictive | Low |
| 67 | Argument | xxxxxx | predictive | Low |
| 68 | Argument | xxxxxxxxxxxx | predictive | Medium |
| 69 | Argument | xxxxxx | predictive | Low |
| 70 | Argument | xx_xxxx [xx][x]/xx_xxxx [xx][x]/xx_xxxx [xx][x]/xx_xxxx [xx][x]/xxxxx | predictive | High |
| 71 | Argument | xxxx | predictive | Low |
| 72 | Argument | xxxx | predictive | Low |
| 73 | Argument | xx | predictive | Low |
| 74 | Argument | xxxxxxxxx | predictive | Medium |
| 75 | Argument | xxxxxxxx[xx] | predictive | Medium |
| 76 | Argument | xxxxxxx | predictive | Low |
| 77 | Argument | xxx_xxxx | predictive | Medium |
| 78 | Argument | xxxxx_xx | predictive | Medium |
| 79 | Argument | xxxxxxxx | predictive | Medium |
| 80 | Argument | x_x_x | predictive | Low |
| 81 | Argument | xxxxxxx/xxxxx | predictive | High |
| 82 | Argument | xxxxxx_xxx | predictive | Medium |
| 83 | Argument | xxxxxx | predictive | Low |
| 84 | Argument | xxxx_xx | predictive | Low |
| 85 | Argument | xxxxxxxx_xxxxxxxx | predictive | High |
| 86 | Argument | xxxxxxxxxxxxxxxxxxxxx | predictive | High |
| 87 | Argument | xxxx_xx | predictive | Low |
| 88 | Argument | xxx | predictive | Low |
| 89 | Argument | xxxx | predictive | Low |
| 90 | Argument | xxxxxxxx | predictive | Medium |
| 91 | Argument | xxxx/xx/xxxx/xxx | predictive | High |
| 92 | Argument | xxxxxxxx | predictive | Medium |
| 93 | Input Value | .%xx.../.%xx.../ | predictive | High |
| 94 | Input Value | ../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxx | predictive | High |
| 95 | Input Value | xxxxxxx -xxx | predictive | Medium |
| 96 | Input Value | xxxxxxxxxx | predictive | Medium |
| 97 | Network Port | xxxx | predictive | Low |
| 98 | Network Port | xxxx | predictive | Low |
| 99 | Network Port | xxxx xxxx | predictive | Medium |
| 100 | Network Port | xxx/xxx | predictive | Low |
| 101 | Network Port | xxx/xxxx | predictive | Medium |

References (3)

The following list contains external sources which discuss the actor and the associated activities: